At the beginning of January, I began compiling my 2001 end-of-year retrospective for WinInfo Daily UPDATE, the daily Windows news and information newsletter. I had expected Microsoft's antitrust woes to be the year's top technology story, but after reviewing several hundred articles I wrote in 2001, an interesting—but distressing—theme emerged. Microsoft's products and services were the subject of numerous security and privacy-related stories last year and, in the end, I chose the company's problems in this area as the top story of 2001.
"Regardless of your feelings about Microsoft, it was a tough year for what I think of as the integrity of the company's products," I wrote. "Integrity encompasses several qualities, including basic security, privacy, and reliability, but also a general feeling of trust people have in a given product—an almost subconscious feeling that something is good or right." Imagine my surprise last week when Microsoft Chairman and Chief Software Architect Bill Gates agreed with my assertion about the company's products' lack of integrity and made similar comments in an email sent to all 49,000 Microsoft full-time employees.
"Even more important than any new capabilities \[we might add to a product\] is the fact that it is designed from the ground up to deliver Trustworthy Computing," Gates wrote. "What I mean by this is that customers will always be able to rely on these systems to be available and to secure their information. Trustworthy Computing is computing that is as available, reliable, and secure as electricity, water services, and telephony."
The idea that Microsoft chooses features over security or privacy is well established. But in 2001, the company came under increasing fire as its products and services fell to various vulnerabilities, hacker attacks, and security holes. Microsoft is asking customers to bet on the .NET future, but if the company can't keep Windows Update running, protect Passport from hackers, or release a media player without incorporating some type of Denial of Service (DoS) vulnerability, how can we trust the company to deliver on its .NET vision?
Microsoft hasn't designed its products with security as the goal, but maybe that's going to change. In his memo, Gates spells out the key aspects of his Trustworthy Computing strategy.
- Availability. Microsoft's products must be available when the customer needs them. "System outages should become a thing of the past because of a software architecture that supports redundancy and automatic recovery. Self-management should allow for service resumption without user intervention in almost every case."
- Security. Microsoft's software and services must protect customer data. Gates proposes that the company create security models that are "easy for developers to understand and build into their applications."
- Privacy. Users must have control over how other individuals and organizations use their data. "It should be easy for users to specify appropriate use of their information, including controlling the use of email they send."
- Trustworthiness. "Winning customers' trust involves more than just fixing bugs and achieving 'five-nines' \[99.999 percent\] availability," Gates wrote. "It's a fundamental challenge that spans the entire computing ecosystem, from individual chips all the way to global Internet services. It's about smart software, services, and industrywide cooperation."
Noting the company's recent security initiatives, Gates told employees that each division—including the all-important Windows division—can expect "intensive code reviews" that will look for security vulnerabilities. The Visual Studio.NET products underwent such a review in December, Gates said.
"We're in the process of training all our developers in the latest secure coding techniques," Gates continues. (Does that statement scare you as much as it scares me? Why hasn't this training occurred on an ongoing basis?) But Gates redeems himself with the email's key message. "When we face a choice between adding features and resolving security issues, we need to choose security," Gates writes. "Our products should emphasize security right out of the box, and we must constantly refine and improve that security as threats evolve .... This priority touches on all the software work we do. By delivering on Trustworthy Computing, customers will get dramatically more value out of our advances than they have in the past."
Most Microsoft customers would gladly accept better security over new features, even if the company temporarily slowed development so it could harden and protect its existing products and services. Improving security is the least the company can do. And it's about time.
